amadey | f2c6d9872d46d42dc51f547c51a305841dddcfce39aec28caa131c8ae8600cfe | Triage

Sharing

General

Target

f2c6d9872d46d42dc51f547c51a305841dddcfce39aec28caa131c8ae8600cfe
Size

578KB
Sample

230206-se3rhahg6w
MD5

0961271837492f523ff3d6dd88db7017
SHA1

dfd97dbe29a1c30de545b67a625414efafa5d84e
SHA256

f2c6d9872d46d42dc51f547c51a305841dddcfce39aec28caa131c8ae8600cfe
SHA512

76cc75a9f52ae13b16933680b8b7dc7350753df3aa39a5b958e291805c9d891304b0dcf4ea34d41e33581756bbdf150c80dfb4a40d421f038c44dd53b560efb7
SSDEEP

12288:rMrVy90ADToudzs4VdFVwqGUfviVrylUzqn21COyzT:Syuum8vrGiW+lwDwNzT

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  f2c6d9872d46d42dc51f547c51a305841dddcfce39aec28caa131c8ae8600cfe
- Size
  
  578KB
- MD5
  
  0961271837492f523ff3d6dd88db7017
- SHA1
  
  dfd97dbe29a1c30de545b67a625414efafa5d84e
- SHA256
  
  f2c6d9872d46d42dc51f547c51a305841dddcfce39aec28caa131c8ae8600cfe
- SHA512
  
  76cc75a9f52ae13b16933680b8b7dc7350753df3aa39a5b958e291805c9d891304b0dcf4ea34d41e33581756bbdf150c80dfb4a40d421f038c44dd53b560efb7
- SSDEEP
  
  12288:rMrVy90ADToudzs4VdFVwqGUfviVrylUzqn21COyzT:Syuum8vrGiW+lwDwNzT
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan